There’s risk in any digital endeavor and fintech is no different.
Financial technology continues to evolve and create more affordable access to traditional financial products and services. It also creates a need for vigilant security practices on both the bank and fintech back-end.
Both banks and their digital partners need to be diligent in assessing partner technology and risk – especially as new players continue to shuffle into the burgeoning fintech market.
Successfully managing third-party risk, legacy systems and combatting bad actors are all imperative for fintechs and banks in order to keep customer and company data secure.
It’s a necessity to complete due diligence with your partners. For banks, this means understanding a fintech’s underlying systems and vendors. And for fintechs, that means understanding its vendors as well as the bank’s processes and systems.
A fintech may use one vendor to obtain Know-your-customer data and another to facilitate electronic document signing. The partnering bank needs to know who these companies are and what their processes are to ensure they’re safe and compliant with financial regulations. In this scenario, a bank would need to confirm its partners are complying with the Gramm-Leach-Bliley Act, which requires that banks have systems in place to protect customer information.
The fintech-bank relationship creates a long string of API connections to complete necessary processes. All the more reason to eliminate links in the chain that aren’t necessary.
“The first rule is if you don’t need it, don’t get it,” said Sunrise Banks Director of Strategy and Innovation Mark Gabriel. “If you don’t need (certain data) and it’s in the environment, you’re just setting yourself up for trouble.”
Legacy banking systems often aren’t suited to deal with today’s digital environment.
“It’s like trying to get a Volkswagen to drive like a Ferrari,” said Gabriel.
These antiquated systems pose security risks. Dated coding and infrastructure make them vulnerable to hackers. Banks looking to work in the fintech sector should ensure their systems are up-to-date and compatible with necessary API connections.
It can be hard to update core systems for a number of reasons. For one, new infrastructure brings on the need for a new knowledge base and potentially new employees. However, this is a necessary step for banks that want to try their hand in the fintech sector.
The digital world creates more risk. And banks and fintechs need to act accordingly.
“A digital environment is inherently more dangerous than a physical one,” said Gabriel. “(A person) could probably only open one fraudulent bank account in an hour. If you’re on your computer and you create a bot to do it, you can open way more accounts, way faster.”
Digital security continues to be headline news. Most recently, the United States expressed concerns that Huawei communication networks might be exploited to spy on consumers.
Gabriel added that digital transactions make it harder to recognize bad actors. In fintech, you don’t always know who’s on the other end of your transaction.
Added vigilance surrounding security systems, encryption and up-to-date software is necessary to mitigate the risk of cyber threats.
At Sunrise Banks, we’re committed to not only creating effective products, but also compliant ones. We take compliance and security seriously, and help clients navigate the complexities of the financial regulatory landscape.
Lean more about our fintech partnerships here.